Vormetric and SanDisk : Encryption-at-Rest for Active Data Sets



Similar documents
How To Store Data On An Ocora Nosql Database On A Flash Memory Device On A Microsoft Flash Memory 2 (Iomemory)

Data Center Storage Solutions

Fusion iomemory iodrive PCIe Application Accelerator Performance Testing

Improve Business Productivity and User Experience with a SanDisk Powered SQL Server 2014 In-Memory OLTP Database

Oracle Acceleration with the SanDisk ION Accelerator Solution

Amadeus SAS Specialists Prove Fusion iomemory a Superior Analysis Accelerator

Microsoft SQL Server Acceleration with SanDisk

Data Center Solutions

Accelerating Microsoft Exchange Servers with I/O Caching

Data Center Solutions

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

Vormetric Encryption Architecture Overview

Accelerating Enterprise Applications and Reducing TCO with SanDisk ZetaScale Software

WITH A FUSION POWERED SQL SERVER 2014 IN-MEMORY OLTP DATABASE

Removing Performance Bottlenecks in Databases with Red Hat Enterprise Linux and Violin Memory Flash Storage Arrays. Red Hat Performance Engineering

HP PCIe IO Accelerator For Proliant Rackmount Servers And BladeSystems

Boost Database Performance with the Cisco UCS Storage Accelerator

All-Flash Storage Solution for SAP HANA:

TekSouth Fights US Air Force Data Center Sprawl with iomemory

MS Exchange Server Acceleration

Improving Microsoft Exchange Performance Using SanDisk Solid State Drives (SSDs)

EMC Unified Storage for Microsoft SQL Server 2008

Accelerating Server Storage Performance on Lenovo ThinkServer

Cloudmark Slays Spam with Fusion iomemory Solutions

Cisco UCS and Fusion- io take Big Data workloads to extreme performance in a small footprint: A case study with Oracle NoSQL database

HP ProLiant DL580 Gen8 and HP LE PCIe Workload WHITE PAPER Accelerator 90TB Microsoft SQL Server Data Warehouse Fast Track Reference Architecture

Virtualization of the MS Exchange Server Environment

Advantages of Intel SSDs for Data Centres

Complying with PCI Data Security

Seeking Fast, Durable Data Management: A Database System and Persistent Storage Benchmark

Benchmarking Cassandra on Violin

Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)

The Flash-Transformed Financial Data Center. Jean S. Bozman Enterprise Solutions Manager, Enterprise Storage Solutions Corporation August 6, 2014

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives

IS IN-MEMORY COMPUTING MAKING THE MOVE TO PRIME TIME?

Data Center Storage Solutions

MaxDeploy Ready. Hyper- Converged Virtualization Solution. With SanDisk Fusion iomemory products

Data Center Performance Insurance

Running Oracle s PeopleSoft Human Capital Management on Oracle SuperCluster T5-8 O R A C L E W H I T E P A P E R L A S T U P D A T E D J U N E

Databases Acceleration with Non Volatile Memory File System (NVMFS) PRESENTATION TITLE GOES HERE Saeed Raja SanDisk Inc.

Identity Theft. Credit Card Fraud. Hackers. Terrorists. It s scary out there.

Vertical Scaling of Oracle 10g Performance on Red Hat Enterprise Linux 5 on Intel Xeon Based Servers. Version 1.0

Fast, Low-Overhead Encryption for Apache Hadoop*

ioscale: The Holy Grail for Hyperscale

HyperQ Storage Tiering White Paper

Real-Time Big Data Analytics SAP HANA with the Intel Distribution for Apache Hadoop software

Alliance Key Manager Solution Brief

8Gb Fibre Channel Adapter of Choice in Microsoft Hyper-V Environments

Thales e-security keyauthority Security-Hardened Appliance with IBM Tivoli Key Lifecycle Manager Support for IBM Storage Devices

SMB Direct for SQL Server and Private Cloud

ENHANCING SECURITY FOR SAP HANA IN THE CLOUD

Preview of Oracle Database 12c In-Memory Option. Copyright 2013, Oracle and/or its affiliates. All rights reserved.

SanDisk ION Accelerator High Availability

Deploying Flash- Accelerated Hadoop with InfiniFlash from SanDisk

EMC XtremSF: Delivering Next Generation Performance for Oracle Database

High Performance MySQL Cluster Cloud Reference Architecture using 16 Gbps Fibre Channel and Solid State Storage Technology

A Close Look at PCI Express SSDs. Shirish Jamthe Director of System Engineering Virident Systems, Inc. August 2011

SimpliVity OmniStack with Vormetric Transparent Encryption

LLNL Redefines High Performance Computing with Fusion Powered I/O

HyperQ Remote Office White Paper

The Flash- Transformed Server Platform Maximizing Your Migration from Windows Server 2003 with a SanDisk Flash- enabled Server Platform

SUN ORACLE EXADATA STORAGE SERVER

Lab Validation Report

An Oracle White Paper July Oracle Primavera Contract Management, Business Intelligence Publisher Edition-Sizing Guide

An Oracle White Paper October Realizing the Superior Value and Performance of Oracle ZFS Storage Appliance

Oracle Exadata Database Machine for SAP Systems - Innovation Provided by SAP and Oracle for Joint Customers

Accelerating Business Intelligence with Large-Scale System Memory

Intel RAID SSD Cache Controller RCS25ZB040

Flash Memory Arrays Enabling the Virtualized Data Center. July 2010

Oracle Exadata: The World s Fastest Database Machine Exadata Database Machine Architecture

Vormetric Addendum to VMware Solution Guide for Payment Card Industry Data Security Standard

Getting More Performance and Efficiency in the Application Delivery Network

Memory Channel Storage ( M C S ) Demystified. Jerome McFarland

Best Practices for Optimizing SQL Server Database Performance with the LSI WarpDrive Acceleration Card

alcatel-lucent vitalqip Appliance manager End-to-end, feature-rich, appliance-based DNS/DHCP and IP address management

Accelerating Business Intelligence with Large-Scale System Memory

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

Cisco, Citrix, Microsoft, and NetApp Deliver Simplified High-Performance Infrastructure for Virtual Desktops

VDI Without Compromise with SimpliVity OmniStack and Citrix XenDesktop

Informatica Ultra Messaging SMX Shared-Memory Transport

INTRODUCTION ADVANTAGES OF RUNNING ORACLE 11G ON WINDOWS. Edward Whalen, Performance Tuning Corporation

V3 Systems Reinvents Virtual Desktop Infrastructure with Fusion Powered I/O

Accelerating Data Compression with Intel Multi-Core Processors

Securing Sensitive Data

The Flash Transformed Data Center & the Unlimited Future of Flash John Scaramuzzo Sr. Vice President & General Manager, Enterprise Storage Solutions

Overview: X5 Generation Database Machines

ENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT

White Paper. Recording Server Virtualization

Intel and Qihoo 360 Internet Portal Datacenter - Big Data Storage Optimization Case Study

An Oracle White Paper December Exadata Smart Flash Cache Features and the Oracle Exadata Database Machine

DIABLO TECHNOLOGIES MEMORY CHANNEL STORAGE AND VMWARE VIRTUAL SAN : VDI ACCELERATION

SUN STORAGE F5100 FLASH ARRAY

Secure, Scalable and Reliable Cloud Analytics from FusionOps

FUSION iocontrol HYBRID STORAGE ARCHITECTURE 1

Chapter 1: Introduction

BENCHMARKING CLOUD DATABASES CASE STUDY on HBASE, HADOOP and CASSANDRA USING YCSB

2009 Oracle Corporation 1

Save up to 85% on Your Oracle Costs

Dell* In-Memory Appliance for Cloudera* Enterprise

Transcription:

WHITE PAPER Vormetric and SanDisk : Encryption-at-Rest for Active Data Sets 951 SanDisk Drive, Milpitas, CA 95035 www.sandisk.com

Table of Contents Abstract... 3 Introduction... 3 The Solution... 3 The Advanced Encryption Stan Dard (AES)...3 Intel AES-NI... 4 Vormetric... 4 Fusion IoMemory... 4 Solution Testing... 5 Database Testing...5 File System Testing... 6 Summary... 6 2

Abstract Achieving high performance while maintaining secure systems is an ongoing challenge for today s enterprises. While it is imperative for industry and government to react instantly to new information, protecting this data from adversaries is even more important. Consequently, performance is often sacrificed in favor of security. In this paper we show how a system combining Vormetric encryption and Fusion iomemory products offer unprecedented performance while maintaining security and compliance, including FIPS 140-2 encryption-at-rest requirements. Introduction Both industry and government worldwide are facing ever-increasing requirements to secure data. External compliance requirements such as Payment Card Industry Data Security Standard (PCI DSS), US state data-breach laws, the US HIPAA/HITECH Acts, UK Data Protection Act, and EU Data Protection Directive raise the bar for data security, and carry heavy fines and notification requirements for companies that experience a data breach. In response, business leaders are now imposing internal data security mandates to protect intellectual property and all types of private and confidential data to avoid the brand damage and business losses that can result from a breach of these types of data. One way companies meet internal and external data protection mandates is with encryption. SanDisk is the industry leader in non-volatile memory solutions. SanDisk products offer applications millions of IOPS (Input/Output Operations per Second) and gigabytes of bandwidth in a single server with minimal latency to make systems capable of multi-millions of transactions per second. Its products high-performance is key to both business and intelligence. This is why SanDisk has been deployed in Fortune 100 companies and countless government agencies for years, and has established OEM relationships with every major server manufacturer on the planet. Until now, it has not been possible for a single system to deliver both industry-leading performance and AES encryption. Using Vormetric Encryption VS and Fusion iomemory products, security and performance are no longer at odds. The Solution The Advanced Encryption Standard (AES) One popular encryption standard used by government and enterprises around the world is the Advanced Encryption Standard (AES). AES is an encryption specification adopted by the US government in 2001, superseding the older, less secure 3DES (Data Encryption Standard) with 128-, 192-, and 256-bit key length. AES is the first publicly accessible and open cipher approved by the US National Security Agency (NSA) for top secret information when used in an NSAapproved cryptographic module. For more information on AES, refer to United States government FIPS Publication 1973. For the AES algorithm, Vormetric Encryption supports 128- and 256-bit encryption keys. 3

Intel AES-NI Intel AES-NI (Advanced Encryption Standard New Instructions) is a set of new instructions in the Intel Xeon processor 56xx Series (formerly codenamed Westmere-EP) and more recent Intel processors. Intel AES-NI implements a set of instructions in hardware to compute some steps of the AES algorithm. Encryption performance is significantly improved by moving instructions from software to hardware. The hardware implementation speeds execution of the AES encryption/decryption algorithms and helps to significantly reduce the performance overhead required for encryption. Vormetric Vormetric Data Security is a comprehensive solution for centrally managed key management, encryption, and access control for data at rest across distributed systems. Vormetric Data Security is a proven high-performance encryption and key management solution that transparently deploys on Linux, UNIX, and Windows servers in physical, virtual, and cloud environments. The Vormetric Data Security Manager appliance integrates key management, data security policy management, and event log collection into a centrally managed cluster that provides high availability and scalability to thousands of Vormetric Encryption agents. This enables data security administrators to easily manage standards-based encryption across Linux, UNIX, and Windows operating systems in both centralized and geographically distributed environments. The Vormetric Data Security Manager stores the data security policies, encryption keys, and audit logs in a hardened FIPS 140-2-certified appliance that is physically separated from the hosts. Security teams can enforce strong separation of duties over management of the Vormetric system by requiring the key assignment and policy management to be handled by more than one data security administrator so that no one person has complete control over the security of data. Fusion IoMemory Fusion iomemory products use VSL (Virtual Storage Layer) software to transform NAND flash into a new tier of non-volatile memory. This new memory tier is nearly as fast as RAM, holds orders-of-magnitude more capacity per server, and has far lower power and cooling costs. iomemory eliminates network, controller, and storage protocols between applications and the flash to offer dramatically lower latencies than hard disk- and SSD-based storage systems. Without this architecture, other solutions can never achieve the same levels of application acceleration and infrastructure consolidation. By combining Fusion iomemory technology with Vormetric Encryption, enterprises can achieve unprecedented performance for encrypted data access. 4

Solution Testing The tests compared the performance of a configured system before and after volumes were encrypted with AES 256 and guarded by the Vormetric agent. Tests were run on an HP ML350P, equipped with Dual Intel Xeon E5-2690 Processors, 64GB of DRAM and two Fusion iomemory iodrive 2 Duo 2.4TB cards. Database Testing Database load was generated with the Swingbench order entry tool, a free load generator and database stress testing tool. Swingbench simulates JDBC (Java Database Connectivity) transactions, similar to a TPC-C benchmark. Swingbench inserts data similar to an order processing system and simulates user queries that include both small transactions and large table joints. The database was configured with both guarded (encrypted) and unguarded (cleartext) configurations for this test. 5

File System Testing IOPS and bandwidth were tested with the SanDisk storage benchmarking tool for both the encrypted and unencrypted volumes. The iodrive2 Duo cards were first configured with mdadm to create a single 2TB volume and formatted with an ext4 file system. Tests were run with 4K and 1MB block sizes. Summary This testing demonstrates that the combination of Fusion iomemory devices and Vormetric Encryption supporting AES-NI technology enables enterprises to secure data while maintaining exceptional performance for both file system and database workloads. This configuration yields higher performance than many expensive disk-based systems have without encryption at rest. Raw file system performance carried higher overhead, up to 63% performance impact on IOPS. However, at 139,244 IOPS, it still delivered the performance of nearly 700 hard disks. In database benchmarking, the tests that illustrate how storage affects application performance, the ultra-low latency SanDisk architecture delivered much higher performance than the raw flash file system tests. Vormetric introduced under 2% overhead for database inserts and under 8% overhead to total transactions per minute. This testing shows that security can be guaranteed while still achieving high levels of performance. FOR MORE INFORMATION Contact a SanDisk representative, 1-800-578-6007 or fusion-sales@sandisk.com The performance results discussed herein are based on testing and use of the described products. Results and performance may vary according to configurations and systems, including drive capacity, system architecture and applications. 2014 SanDisk Corporation. All rights reserved. SanDisk is a trademark of SanDisk Corporation, registered in the United States and other countries. Fusion iomemory, iodrive, VSL and others are trademarks of SanDisk Enterprise IP LLC. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information